Network Security Review Question Kewal Krisan #300641581

Network Security

CNET-223 C-167

Review Questions

Kewal Krisan

300641581

Chapter 2

LAB 2.1

1. In Process Explorer, the processes shaded in light pink are

Services

2. In Process Explorer, the processes shaded in purple are

Own processes

3. In this lab, the Windows Firewall was disabled to allow the remote at command. If you want to activate Windows Firewall yet still allow the remote at command from Vista, you would need to determine the source and destination ports used for the transmission. Which command could you use to do so?

netstat

4. What would be the effect of omitting the option “/interactive” from the at command used in Step 18 of the lab?

Notepad would run on the remote system but would not be visible on the remote user’s desktop

5. Which of the following statements regarding Windows Firewall and/or process is correct?

In order to configure the Windows Server 2008 Windows Firewall to allow the at program, you should access the Windows Firewall Exceptions tab.

LAB 2.2

1. Which of the following statements regarding Sigcheck is correct?

sigcheck examines only executable files

sigcheck can be used to verify that a digital signature is authentic

2. Which option do you use with Sigcheck to examine the current directory and all subdirectories?

-s

3. On the Sigcheck web page, in the Usage section, the syntax for command usage is presented. In interpreting the syntax of a command, anything in brackets “[]” indicates that the

Option will be explained below

4. The potential activity security issues addressed by Sigcheck apply to programs installed locally (from CD or DVD) as well as programs downloaded over the Internet.

False

5. Which of the following is a utility developed by Sysinternals?

Process Explorer

LAB 2.3

1. Which of the following statements regarding validation of downloaded programs are correct?

When the hash of the program on the internet and the hash of that file that you downloaded are the same, you can be sure that the program does not contain malware.

2. Which of the following is a useful way to decrease the chance of inadvertently installing malware?

Scan the program file with anti-virus software

Check for reports of security problems with the program on technical newsgroups, email lists, and web sites that track the program threats and vulnerabilities.

3. Which of the following is a reasonable way to increase system security?

Use a program that automatically hashes your original operating system files periodically to determine if an attacker has modified a system.

LAB 2.4

1. Once you configure Internet Explorer to prompt you before running Active Scripting, you may get a high number of prompts when accessing trusted sites that you use frequently. A solution to this would be to

Add these sites to the Internet Explorer Trusted sites zones

2. As soon as you completed the Registry changes in Lab 2.4, you decide that you want to reverse the kill bit Registry change. The best action would be to

Double click hkcrbackup

3. Obfuscate

Means to make unclear

4. Is it recommended that you defend against the Access Snapshot Viewer even if you have not downloaded the ActiveX control?

TRUE

5. In order to avoid all the complications associated with securing your system against a compromised ActiveX control, you could

Install an anti-virus program and an anti-spyware program to run in the background

LAB 2.5

1. LDAP stands for

Lightweight Directory Access Protocol

2. The administrator of the first domain in a forest is called the

Enterprise administrator

3. When a Windows 2008 forest is first created, any user can add or remove domains in the forest.

False

4. In order to find the LDAP service, a client must access which type of DNS record?

SRV

5. Which of the following statements regarding AD DS is true?

Installing the AD DS role creates neither a domain controller nor a domain

CHAPTER 3

LAB 3.1

ANSWERS

1. B- run the Security Configuration Wizard and roll back the last applied security policy

2. A- Defragmenting files

3. A- the Security Configuration Wizard can be used to apply the same security policies as found on the security Templates

B- the policies created with the Security Configuration Wizard can be applied to remote computers using Group Policies.

C- the Security Configuration Wizard is a role based utility that allows security configuration based on the function of the server.

4. FALSE

5. B- only security updates and patches from the operating system vendor should be applied to a production workstation

C- Data Execution Prevention is a system hardening feature.

D- Hardening a system includes applying security updates and patches to software programs that run on the operating system

LAB 3.2

Answers

1. A- Local Policies\audit policies\audit object access

B- Local policies\user rights assignment\deny log on locally

C- Local policies\security options\user account control: Switch to the secure desktop when prompting for elevation

D- Local policies\security options\accounts: rename administrator account

2. D- add and delete registry keys and subkeys

3. A- Account policies\Kerberos policy\maximum lifetime for user ticket

B- Account policies\account lockout policy\reset account lockout counter after

4. A- the unit of measurement for this setting is minutes

B- the security setting determines the maximum number of services that a granted session ticket can be used to access

C- Session tickets are used to authenticate new connections with servers

5. A- this setting determines how long a user must wait in order to attempt to log on after an account lockout

C- This value must be less than or equal to the Account lockout duration if an account lockout threshold is defined.

LAB 3.3 Answers

1. C- Account policies\account lockout policy\account lockout threshold

2. C- Local policies\security options\network security: Force logoff when logon hours expire

3. A- User rights assignment

4. A- this setting applies both on local and remote logon

B- This setting has no effect on Windows 2000, Service pack 1 computers

5. FALSE

LAB 3.4

Answers

1. FALSE

2. B- are found in C:\Documents and settings\all users\documents\security\templates

3. C-Security configuration and Analysis can be used to revert to the original, default settings by importing the setup security template.

4. B- the system services node in a security template allows administrators to specify the startup types and permissions for system services.

D- After the installation of Active Directory on a Windows Server 2008, a default security template is created in C:\Windows\Security\Templates.

5. A- Using security configuration and analysis to analyze the computer followed by right-clicking Security configuration and analysis and selecting Export Template

LAB 3.5

Answers

1. B-you do not know who may be attempting to perform actions that are prohibited by access controls

2. A- in lab 3.5 the sales report file inherited the auditing configuration you set on the sales folder

B- object access auditing settings on a file may not conflict with the object access auditing settings on the parent folder

3. TRUE

4. A- Auditing will then apply to all domain controllers in the Default Domain controllers OU.

CHAPTER 4

LAB 4.1

Answers

1. C- AAA

2. D- ::1

3. C- 64

4. D- When a file of any size is modified, there is no relationship between the pre- and post-modification hashes and the number of bytes modified

5. A- intrusion detection

D- the development of secure cryptographic algorithms

LAB 4.2

ANSWERS

1. A- Anonymous access is permitted by four FTP Server

2. A-Microsoft Network Monitor captures

C- Novell LANalyzer captures

3. B- WinPcap allows applications to capture and transmit network packets bypassing the protocol stack

4. C- Microsoft IIS Log File Format

LAB 4.3

ANSWERS

1. A- require users to authenticate using their domain account

2. A- FTP Data

3. C- Vista initiated the connection by sending to the FTP server a packet with TCP flag SYN set

4. A- Once the FTP server had been first contacted by Vista, it sent a packet with the TCP flags SYN and ACK set

5. D- the teardown of the TCP session began with Vista sending a packet to the FTP server with the TCP flags FIN and ACK set

LAB 4.4

ANSWERS

1. A- indicates that Telnet can be used to manage a server remotely

2. C- 23

3. B – More than 2 frames were captured in less than a millisecond.

C- During the Telnet session – TCP packets were used to send ACK flags

4. A, B, C, D

5. C- Windows PowerShell

LAB 4.5

Answers

1. B- SMTP

2. C- 110

3. C- For DNS clients to access your server by FQDN or by IP address

4. A- 23

5. FALSE

Chapter 5

LAB 5.1

Answers

1. B- 192.168.1.209

2. B- ICMP

3. C- C:\Windows\System32\Cmd

4. A- CMD, C- VBS, D- JSE

5. When the computer user enters the command snort, the files in C:\Windows\System32 will be deleted

LAB 5.2

ANSWERS

1. D- There is no data field in an ICMP frame

2. D- Request Web page elements

3. B- 192.168.1.209:49223

4. A- ICMP is not processed high enough in the protocol stack to use a port address.

5. A- none

LAB 5.3

ANSWERS

1. D-255.240.0.0

2. A- The rule is intended to cause an alert to be logged if the computer with the IP address 209.57.134.0 attempts to make any contact with the computer at 67.6.155.9

3. A- Only one packet was captured because only traffic directed to the Vista machine was examined.

4. True

5. A- you have met your primary goal but not secondary goal.

LAB 5.4

ANSWERS

1. B- colon

2. C- comma

3. D- 525

4. A- make sure that the client had to query the DNS server for the IP address of server.temx.net

5. B- PCRE

Chapter 8

Lab 8.1

1.C

2.C

3.D

4.A,D

5.TRUE

Lab 8.2

1.B

2.D

3.D

4.TRUE

5.C,D

Lab 8.3

1.C

2.B

3.D

4.C

5.C,D

Lab 8.4

1.B,C

2.C

3.D

4.B

5.C

Lab 8.5

1.D

2.B

3.C

4.B

5.FALSE

Chapter 9

Lab 9.1

1.D

2.A

3.B

4.D

5.FALSE

Lab 9.2

1.D

2.B,C

3.C

4.C

5.TRUE

Lab 9.3

1.D

2.B

3.C

4.C

Lab 9.4

1.B

2.C

3.B

4.TRUE

5.C

Lab 9.5

1.C

2.B

3.C

4.B

5.A